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METHOD AND SYSTEM FOR SECURING A PERSONAL COMPUTER BUS 

Cross Reference to Related Patents 

The present invention is related to U.S. Patent 4,460,957 entitled "Self 
Pacing Serial Keyboard Interface for a Data Processing System" which is assigned 
to the assignee of the present invention. The teachings of this patent, which is 
sometimes referred to as the Keyboard Patent, are hereby specifically incorporated 
into this document by reference. 

The present invention is also related to two patent applications related to the 
selective locking of a keyboard. These patent applications, which are sometimes 
referred to as the ROM Scan Applications, are Serial No. 09/052,733 entitled 
"Personal Computer ROM Scan During Startup Protection" filed March 31, 1998 by 
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Robert Duane Johnson et al. and "Method and System for Improved Security 
During ROM Scan", Serial No. 09/431,728 filed on November 1, 1999, by Richard 
Alan Dayan et al. The ROM Scan Applications are assigned to the assignee of the 
present invention, with the disclosures of these patents specifically incorporated 
herein by reference. 

Background of the invention 

Field of the invention 

The present invention is an improved system and method for providing 
security in a personal computer. More particularly, the present invention relates to 
securing an external bus (particularly the Universal Serial Bus, sometimes referred 
to as the USB Interface) and coupling the locked state of that bus with the locked 
state of the keyboard. This accomplishes security of the external bus consistent 
with the security of the keyboard. 

Background Art 

Personal computers in general, and the IBM personal computers in 
particular, have obtained wide spread use for a variety of data processing 
applications, providing computing power to many segments of society for handling 
information in the form of digital data. These personal computers may be defined 
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as desktop, floor-standing or a portable unit and typically include a system unit with 
a single system processor with volatile and nonvolatile memory, a display, one or 
more input devices such as a keyboard or a mouse connected to dedicated data 
ports in the system unit and one or more storage devices such as a floppy disk 
drive, a fixed disk drive or a CD ROM drive, and optionally, a printer or other output 
device. The components of a personal computer are assembled into an enclosure 
which includes a variety of data ports or external connectors to couple input and 
output devices to the single system processor. 

Such personal computers not only include the dedicated port(s) for 
connecting the keyboard or mouse, but a variety of general purpose buses have 
been established to interface a wide variety of peripheral devices through 
well-defined (in some cases, industry-standard or quasi-industry standard) 
interfaces. One such type of interface is the Universal Serial Bus interface 
(sometimes referred to as the USB interface), the parameters of which are set forth 
in a generally available document entitled "Universal Serial Bus Specification" 
Release 1.1 dated September 23, 1 998 from USB.ORG which was prepared by 
representatives of four companies; Compaq, Intel, Microsoft and NEC. Buses 
which comply with this standard are referred to as the USB interface and have 
been included on several recent versions of personal computers from various 
different manufactures for attaching devices for plug-and-play of personal 
computers with such computer peripherals as telephones, modems, CD-ROM 
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drives, joysticks, tape and floppy drives, scanner and printers. Additionally, the 
USB Interface allows an alternate connection for input devices such as keyboards 
and mice, providing an alternate to the dedicated keyboard and mouse ports which 
many manufacturers provide. 

The ROM Scan Patents disclose that it is sometimes desirable to prevent a 
user input at an input device such as a keyboard or a mouse, a feature which locks 
out the keyboard from making effective inputs during sensitive periods such as the 
initialization of the personal computer during its power-on-self test, POST, and 
ROM scan. The ROM Scan Patents also teach that the memory of the computer 
system may be vulnerable to user inputs during these times and that user inputs 
should be controlled. One such way to control the input is to lock out the keyboard 
for at least part of the time during which ROM scan is occurring, as taught by the 
ROM Scan Patents. 

In addition, there are other security features which advantageously control 
the keyboard. When a user leaves his workstation, he can invoke a security 
feature which locks out the keyboard until a key is used to unlock the system. 
Some systems also provide security by locking the keyboard during certain time 
periods and other require the use of a supervisory key to unlock the keyboard for 
use. Locking of a keyboard may be selectively controlled (by either a physical key 
or by password or other security control) and is well known in the trade as a 
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desirable feature of current models of personal computers. 

However, no locks for the USB port of the personal computer are specified 
in the document referred to above - the Universal Serial Bus is generally available 
whenever the personal computer is powered up. Thus, a keyboard attached 
through the dedicated keyboard port may be secured against entries, but a similar 
keyboard accomplishing the same function is not secured at all when attached 
through the USB port. 

Summary of the Invention 

The present invention overcomes the disadvantages and limitations of the 
prior art devices while providing security for the system against devices hooked 
into it through an external bus such as the USB interface. 

The present invention has the advantage that a keyboard lock applied to the 
keyboard port in a computer system has the effect of locking out an input device 
attached to the USB Interface. 

By synchronizing the locking and unlocking of a keyboard attached to the 
dedicated keyboard port of a computer system with a USB interface, the system is 
secure against input devices, whether the input the device is attached to the 
dedicated port or attached to a USB interface. 
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The present invention has the advantage that it is a simple, yet effective, 
way of providing security for the sensitive portions of computer storage during 
times when they are vulnerable to attack because the operating system is writing to 
those portions of memory, e.g., during the power-on-self-test. The present 
invention overcomes the disadvantage in the prior art that the computer could be 
locked against keyboard input through the keyboard port while remaining open to a 
keyboard entry through the USB interface where an input device such as a 
keyboard is one of the devices intended to be connected. 

Other objects and advantages of the present invention will be apparent to 
those skilled in the relevant art in view of the following description of the preferred 
embodiment, taken together with the accompanying drawings and the appended 
claims. 

Brief Description of the Drawings 

Having thus described some of the objects and advantages of the present 
invention, other objects and advantages of this invention will be apparent through 
the discussion of the drawings of present invention of an improved computer 
security system and method in which: 

Fig.1 is a pictorial view of a computer system environment useful for 
understanding the present invention; 
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Fig. 2 is a block diagram of the computer system of Fig. 1 ; 
Fig. 3 is a block diagram of the Computer System with the Present invention 
included; 

Fig. 4 is a logic diagram for a keyboard sensing unit as shown in Fig. 3. 
Fig. 5 is a logic diagram for a Security unit as shown in Fig. 3. 

Detailed Description of the Preferred Embodiment 

In the following description of the preferred embodiment, the best 
implementation of practicing the invention presently known to the inventors will be 
described with some particularity. However, this description is intended as a 
broad, general teaching of the concepts of the present invention in a specific 
embodiment but is not intended to be limiting the present invention to that as 
shown in this embodiment, especially since those skilled in the relevant art will 
recognize many variations and changes to the specific structure and operation 
shown and described with respect to these figures. Some of those skilled in the 
relevant art will also recognize that some of the benefits of the present invention 
can be obtained by using only some of the features described in connection with 
the present invention without the corresponding use of other features. 

Fig. 1 is a pictorial view of a computer system 10 useful in understanding the 
present invention. The computer system 10 includes a system unit 12 with two 
input devices, a keyboard 14 and a mouse 16, coupled to it. The couplings are not 

RP9-99-125 7 



shown, but the system unit of many personal computers of recent vintage include 
dedicated ports for plugging in the keyboard and the mouse because such input 
devices are ubiquitous. Also shown as a part of the computer system 10 is a 
display 17, an optional printer 18 and a USB peripheral device 20. Many system 
units of current model personal computers include interfaces (or plugs) brought out 
to the outside of the case for specific devices (such as the display 17) and also a 
variety of general purpose ports into which peripheral devices can be attached, 
including at least one Universal Serial Bus (USB) interfaces (many personal 
computers from IBM currently provide two USB ports for attaching peripherals 
operating using the USB standards references above). The USB peripheral device 
20 is plugged into one USB port of the system unit 12 which connects the USB 
peripheral to a system bus inside the system unit 12. 

As described elsewhere in this document in greater detail, the USB interface 
was designed to accommodate an input or output device selected from a wide 
variety of potential input/output devices, such as a CD-ROM drive or a keyboard. 

The ROM Scan Patents describe the risks associated with the use of a 
keyboard during initial start up of a personal computer, when the computer goes 
through power-on-self-test (POST) and performs a ROM scan looking for ROM 
adapters. The ROM Scan Patents describe the risks as potential data security 
risks and propose that the keyboard be locked out during that time (unless a user 
input is required by the ROM adapter). It is proposed in the ROM Scan Patents that 
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the dedicated interface to the keyboard and the mouse be selectively locked out 
from accepting user inputs during the period of time that the ROM scan is occurring 
in the computer. The present invention extends the protection (e.g., during the 
ROM scan activity) against keyboard input from a user to protect the computer 
system against user input transmitted through a general purpose interface such as 
the USB port by an input device connected to the USB port. In this way, the 
computer system is secured against user input during crucial time periods from 
either an input device connected either through a dedicated port for such an input 
device or through a general purpose port such as the USB interface. The concepts 
of the present invention relating to coupling the locking of the keyboard to a locking 
out of the general purpose port apply as well to times during the operation of the 
computer system other than the computer start up (e.g., POST and ROM scan) 
activity when the computer system may be locked against keyboard entries, such 
as to protect an unattended computer system. 

Figure 2 is a schematic diagram of a portion of the personal computer 10. 
The keyboard 14 is coupled through a keyboard/mouse controller 22 via a Low Pin 
Count (LPC) or ISA bus 24 to the I/O Controller Hub (ICH) 28 via a Hub Link Bus 
(HLB) to a Memory Controller Hub (MCH) 27 via a Front Side Bus (FSB) to the 
central processor 26 of the personal computer 10. 



Access by the central processor 10 is via the processors I/O address space 
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at I/O address space addresses 60 hexadecimal and 64 hexadecimal. The mouse 
16 is also coupled to the keyboard/mouse controller 22. Both the keyboard 14 and 
mouse 16 ports are referred to as the PS/2 Keyboard and PS/2 Mouse ports, 
respectively in the PC industry. As known in the state of the art, any device that 
emulates either a keyboard or mouse can attach to the respective port. 
In many personal computers, the keyboard 14 and mouse 16 ports are dedicated to 
their respective devices and are only configured to allow the attachment of such a 
device. 

Figure 3 is a schematic diagram illustrating the locking system of the present 
invention. The Keyboard/mouse controller 22, which is resident in the Super I/O 
module 29 and used to connect the keyboard 14 to the microprocessor 26, is 
connected to a security unit 82 which is a new connection for this invention. 
Alternative connections are possible to someone familiar with the state of the art. 

For example, the security unit 82 could be connected to the LPC bus 24 and 
monitor the transmissions for commands targeting the keyboard 14 or its controller 
22. 

The USB host controller 30 is connected to the USB ports 88 via an 
interposing switch 80. The switch 80 receives instructions from the security unit 82 
to instruct the switch 80 to lock or unlock the bus via a control signal 89. When 
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locked, the switch prevents data from reaching the USB host controller 30 and the 
microprocessor 24, however, the USB Keyboard sensing unit 84 can still monitor 
the transmissions from devices attached to the USB ports 88 to monitor for entry of 
the password in order to unlock the bus 88. As USB keyboard keystrokes are 
detected, the keyboard sensing unit unpacks the USB usage codes and converts 
them to the well known PS/2 keyboard scan codes via bus 90 to the security unit 
90 for correct password entry verification. When unlocked, the switch allows all 
USB transmissions from devices attached to the USB ports 88 to the USB host 
controller 30 and the microprocessor 24. In this way, when the switch 80 is in the 
locked state and keyboard inputs are not being processed from the USB ports 88 
by the microprocessor 26, there is still something in the personal computer (the 
security unit 82) listening for a correct password to unlock the system and allow 
direct communication from either the keyboard 14 and/or a USB keyboard attached 
to one of the USB ports 88. 

Figure 4 shows the logic in use in the USB Keyboard Sensing Unit 84 of this 
invention. The Sensing unit 84 constantly monitors 60 the USB bus 88 for the 
presence of data and commands. 

If data is found, it is checked to see if it is a Control Request 62. If not a 
control request, the data is checked to see if a USB device is sending data to the 
controller 70. If it is not a data packet, the sensing unit 84 returns to monitor the 
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USB bus 60. If a USB data packet is present 70, the sensing unit 84 checks to see 
if it is from a keyboard device identified 72 in step 68. If not a keyboard data 
packet, the sensing unit 84 returns to monitor the USB bus 60. If it is keyboard 
data packet 72, the sensing unit detects the usage code from the data packet 74 
and converts the usage code to the industry standard scan code used by the PS/2 
Keyboard device 76. The sensing unit 84 then transmits the scan code to the 
Security Unit 82 for processing and returns to step 60 to monitor the USB bus 88 
for more data packets. 

Returning to step 62, if the data is a control request, the sensing unit tests to 
see if it is a USB Keyboard Descriptor 64. If not, the sensing unit returns to its 
monitoring state in step 60. If the data is a keyboard descriptor 64, the sensing 
unit looks for an ID command 66. When found, the USB ID is stored so that the 
USB device is recognized as a USB keyboard. Then processing returns to step 60 
where the monitoring process resumes. 

Figure 5 illustrates a logic design for the security unit 82 to allow it to 
recognize a correct password to unlock the keyboard attached to the system when 
the personal computer (and its processor 26) is otherwise locked against user 
inputs. The security unit 82 receives, at block 100, a single unit of data, such as 
would emanate from a single key stroke on a PS/2 personal computer keyboard or 
a USB keyboard attached at USB interface 88, indicating either a single character 
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or a command from the processor 26 to the keyboard and checked to see if this 
data is a Load Password Command from the processor. If it is a Load Password 
Command, the security unit 82 intercepts and stores the next set of characters as 
the password until a terminator (OOh) is encountered 102. Processing continues at 
step 100 again. 

Returning to step 100, if the data is not a Load Password Command, the 
security unit 82 checks to see if the data is an Enable Password Command 104 
from the processor 26. If not, the security returns to step 100 to monitor the USB 
bus 88 and PS/2 I/O ports 60h and 64h 86. If the data is an Enable Password 
command, the security unit 82 checks to see if a valid password is already loaded 
1 06. If not, the security unit returns to step 1 00 to continue monitoring. If a valid 
password is already loaded, the security unit 82 locks the switch 80 in step 108. 
Following locking the keyboard, the security unit 82 goes into a monitoring state to 
check for the entry of a Valid password 1 1 0. The password may be entered on 
either the PS/2 Keyboard 14 or a USB keyboard attached at the USB interface 88. 
The system remains locked with respect to keyboard entry until the password is 
correctly entered. In step 112, the security unit 82 checks to see if the password 
was entered. If not entered correctly, the security unit 82 go to step 1 1 0 to monitor 
for entry of a password once again. If entered correctly, the switch 80 is unlocked 
114 and the security unit 82 start the process over again at step 100. 
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Of course, many modifications of the present invention will be apparent to 
those skilled in the relevant art in view of the foregoing description of the preferred 
embodiment, taken together with the accompanying drawings. The system for 
locking and unlocking the interface port to the keyboard port can be changed to fit 
the system requirements and designer's preferences, for example, by using a 
single interface through which the dedicated input device ports and the general 
purpose interfaces passes, then enabling or disabling the single interface, as 
desired, to prevent used input through either the dedicated port or the general 
purpose port. The system for locking the inputs is subject to various other 
approaches, including other software, hardware and combination approaches to 
accomplish the functions desired in a known manner. Thus, many modifications to 
the system described above can be made without departing from the spirit of the 
present invention. Accordingly, the foregoing description of the preferred 
embodiment should be considered as merely illustrative of the principles of the 
present invention and not in limitation thereof. 
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Claims 

Having thus described the invention, what is claimed is: 



1 1 . A system for selectively securing a personal computer comprising 

2 a system unit including a first port dedicated to connecting an input device 

3 and a second port for connecting an other device; 

4 an input device connected to the system unit through the first port; 

5 a switch for selectively locking out user input, said switch connected to both 

6 the first port and the second port, with said switch operating to prevent user input 
both through the input device and through a device connected to the other port. 

Li 2. A system for selectively securing a personal computer including the elements of 

];2 Claim 1 wherein the input device includes a keyboard connected to the system unit 

H3 through a dedicated keyboard port and the switch includes means for 

^ simultaneously locking out user input to the system unit from the keyboard and 

;;;j5 from a device attached to the other port. 

1 3. A system for selectively securing a personal computer including the elements of 

2 Claim 1 wherein the other port couples a standard input/output device to the 

3 system unit for communication and the switch prevents the standard input/output 

4 device coupled to the other port from communicating with the system unit when the 

5 input device is locked out against user input. 



RP9-99-125 15 



1 4. A method of operating a personal computer having a system unit with a first 

2 interface to a keyboard and an other interface through which an external device 

3 may also be coupled to the system unit, the steps of the method comprising: 

4 providing a device for selectively locking out the keyboard, preventing user 

5 input at the keyboard from affecting the system unit; 

6 providing a lock on the other interface for selectively locking that interface 

7 against inputs from the external device from affecting the system unit; and 

8 coupling the switch on the other interface to the external device for 

9 selectively locking out the keyboard so that when the keyboard is locked out, an 
91) input from the external device is prevented from affecting the system unit. 

[j 5. A method of securing a personal computer including the steps of Claim 4 

j| wherein the step of coupling the switch to selectively lock out the keyboard and an 

H input from the external device occurs during the initial start up of the personal 

9 computer. 



1 6. A method of securing a personal computer including the steps of Claim 4 

2 wherein the step of coupling the switch to selectively lock out the keyboard and 

3 input from the external device occurs whenever the keyboard is secured against 

4 user input. 
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1 7. A computer system comprising: 

2 a keyboard; 

3 a processor connected by a system bus to the keyboard; 

4 a first switch disposed between the keyboard and the processor to 

5 selectively prevent user inputs from the keyboard from being processed by the 

6 processor; 

7 an interface for connecting an input/output peripheral to the processor; and 

8 a second switch connected between the interface to the input/output 

C£ peripheral and the processor for selectively preventing input from the input/output 

:1p processor from being processed by the processor; and 

|i a connection between said first switch and said second switch to coordinate 

J2 the switching of the first and second switches so that when a user input at the 

m keyboard is prevented from being processed at the processor, an input from the 

i y 

% input/output peripheral is also prevented from being processed by the processor. 

1 8. A computer system of the type described in Claim 7 where the connection 

2 between the first and second switches also enables a user input at the input/output 

3 peripheral to be processed by the processor when the keyboard is enabled. 

1 9. A computer system comprising: 

2 a keyboard for receiving a user input and transmitting it to a processor 
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3 through a keyboard interface; 

4 a processor coupled to the keyboard interface for receiving a user input at 

5 the keyboard; 

6 at least one bus port operatively coupled to the processor for providing an 

7 alternate connection for user input at an input device; 

8 a lock connected to keyboard and controlled for selectively preventing input 

9 to the processor from the keyboard, with said bus port also being coupled to the 

10 lock so that user input from the input device connected to at least one bus port is 

11 prevented from reaching the processor when the lock prevents user inputs from the 
II keyboard from reaching the processor. 

lI 10. A computer of the type described in Claim 9 where the computer includes a 

j;2 first lock system on the keyboard and a second lock system on at least one port, 

h3 with said first and second lock systems being coupled to have the same locked and 

^ unlocked condition at any given time, whereby, when the keyboard attached to the 

^5 keyboard port is locked, an input device connected to the at least one port is also 

6 locked. 

1 1 1 . A method of securing a personal computer which includes a processor 

2 operatively connected to a serial bus and to a keyboard, the steps of the method 

3 comprising: 

4 providing a lock associated with the keyboard for selectively preventing user 
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inputs at the keyboard from being processed by the processor; 

coupling the serial bus to the lock associated with the keyboard so that the 
keyboard and the serial bus are in the same state of being either locked or 
unlocked to user input at any time. 

12. A method of securing a personal computer including the steps of Claim 1 1 and 
further including the step of unlocking the keyboard and serial bus in response to 
the entry of an appropriate password at one of the keyboard and the serial bus. 
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Abstract 



A system and method of securing a USB Interface of a personal computer 
against inputs from a user when the keyboard of the personal computer is secured 
against user inputs. By combining the hardware locking of the USB Interface is 
with the locking of the keyboard controllers, a potential circumvention of the 
keyboard controller lock is avoided and security of the data stored on a personal 
computer is increased. 
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knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, 
under 18 USC 1001 and that such willful false statements may jeopardize the validity of the application or 
any patent issued thereon. 
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DOCKET NlJMBER: RP9-99-125 



POWER OF ATTORNEY: As a named inventor, I hereby appoint the following attorneys and/or agents to 
prosecute this application and transact all business in the Patent and Trademark Office connected therewith. 



H. St. Julian 
George E. Grosser 
Anthony N. Magistrate 
Christopher A. Hughes 
Edward P. Pennington 
Joseph A.. Sawyer 



Reg. No. 30,329 
Reg. No. 25,629 
Reg. No. 35,595 
Reg. No. 26,914 
Reg. No. 32,588 
Reg. No. 30,801 



Daniel E. McConnell 
Bernard D. Bogdon 
Martin J. Mckinley 
John E. Hoel 
Andrew J. Dillon 



Reg. No. 20,360 
Reg. No. 24,773 
Reg. No. 31,782 
Reg. No. 26,279 
Reg. No, 29,634 



Send correspondence to George E. Grosser, IBM Corp., PC Co. Legal Dept., Dept. 9CCA/Bldg. 002-2, 
Research Triangle Park, NC 27709 and direct all telephone calls to George E. Grosser at (919) 254-4753. 



FULL NAME OF INVENTOR: Richard Alan Dayan 
INVENTOR'S SIGNATURE: 



iR: Richard Alan Dayan 

- ^LtfLO 




DATE: . 



RESIDENCE: 8308 Wycombe Ridge Way, Wake Forest, North Carolina 27587 
CITIZENSHIP: USA 

POST OFFICE ADDRESS: Same as Above 



FULL NAME OF INVENTOR: Eric Ricij 
INVENTOR'S SIGNATURE: 





RESIDENCE: 5 Rose Bay Court, Durham, North Carolina 27713 
CITIZENSHIP: USA 

POST OFFICE ADDRESS: Same as Above 
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